#VU45822 Improper Authorization in Advanced Access Manager
Published: August 20, 2020
Advanced Access Manager
Vasyl Martyniuk
Description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to incorrect processing of permissions. A remote authenticated user can send a specially crafted HTTP POST request to wp-admin/profile.php with the typical profile update parameters, appending an aam_user_roles[] parameter set to the role they would like to use.
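A defender-side check for the request described above, as an added example that is not part of the original advisory or the plugin's code: it scans captured POST records for profile.php updates that carry an aam_user_roles parameter. The record layout (method, uri, user, body), the sample entries and the role_editors allowlist are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ROLE_PARAM = "aam_user_roles"           # parameter named in the advisory
TARGET_PATH = "/wp-admin/profile.php"   # endpoint named in the advisory


def role_values(body):
    """Return the role names submitted through aam_user_roles in a form body."""
    roles = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        # parse_qsl percent-decodes keys, so aam_user_roles%5B%5D is covered.
        # PHP also builds an array from indexed keys such as aam_user_roles[0].
        if key == ROLE_PARAM or key.startswith(ROLE_PARAM + "["):
            roles.append(value)
    return roles


def flag_requests(records, role_editors):
    """Return (user, roles) for profile.php POSTs that carry a role parameter
    and come from an account outside the role_editors allowlist (assumed)."""
    hits = []
    for rec in records:
        path = urlsplit(rec["uri"]).path
        # endswith() also matches WordPress installed in a subdirectory.
        if rec["method"] != "POST" or not path.endswith(TARGET_PATH):
            continue
        roles = role_values(rec["body"])
        if roles and rec["user"] not in role_editors:
            hits.append((rec["user"], roles))
    return hits


# Constructed sample records (hypothetical audit-log schema with request bodies).
SAMPLE = [
    {"method": "POST", "uri": "/wp-admin/profile.php", "user": "subscriber1",
     "body": "first_name=A&email=a%40example.test&aam_user_roles%5B%5D=editor"},
    {"method": "POST", "uri": "/wp-admin/profile.php", "user": "subscriber2",
     "body": "first_name=B&email=b%40example.test"},
    {"method": "POST", "uri": "/blog/wp-admin/profile.php?x=1", "user": "siteadmin",
     "body": "aam_user_roles[0]=editor"},
    {"method": "GET", "uri": "/wp-admin/profile.php", "user": "subscriber1",
     "body": ""},
]

if __name__ == "__main__":
    for user, roles in flag_requests(SAMPLE, role_editors={"siteadmin"}):
        print(f"review: {user} submitted role change {roles} via profile.php")
```

This only works where request bodies are recorded, for example in a WAF or reverse-proxy audit log; standard web server access logs do not contain POST parameters.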